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CLAIMS : 

A communication system having tunnels formejl on 
a physical communication line and having a plurality of 
sessions in each said tunnel, comprising: 

an authentication unit which authenticates the 
user using a plurality of tunnels to see if _said user is 
a customer of service of reserving sessions .in a smaller 
number of tunnels in exchange for a specified service 
fee; 

a decision unit for, when said user was 
authenticated as a customer of said service by said 
authentication unit, monitoring the state of use of 
tunnels and sessions used by said user and deciding 
whether or not the sessions currently used by said user 
can be reserved in a fewer tunnels ; 

a tunnel control unit which controls the 
tunnels such that a plurality of sessions used by said 
user are gathered in a specified tunnel when said 
decision unit decides that said sessions can be reserved 
in a fewer, tunnels ; and 

a charging unit which chargs usage fees 
according to the number of tunnels or the number of 
physical communication lines. 




A communication system having a first server 



for accommodating user terminals , and a second server 
connected through a first network with said first server, 
for forming a^ tunnel in said first network in cooperation 
with said first server and connecting said user terminals 
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to a second network through said tunnel, wherein said 
first server comprises, a first interface for connection 
to said user, terminals; an authentication unit for 
authenticating a user .requesting to be connected through 
said first interfape; a first tunnel unit for forming 
between said first server and said second server a tunnel 



for establishing a session for said authenticated user, 
and outputting packets received from^said first 
interface; a second interface for transferring packets 
q output from said tunnel .unit through' said tunnel; formed 

fft ^ on said first net work ; and a control unit for monitoring 

If; said session and controlling said tunnel unit to reserve 

i Ls /\ 

{*f said user's sessions in a fewer ^ tunnels , and said second 

server comprises a third interface for connection to said 



first network; a second tunnel unit for forming between 
said first server and. said second server a tunnel for 
establishing a session for said authenticated user, 
decapsulates the^ encapsulated packets received from said 
third interface and outputting the packets; and a fourth 
interface transferring packets output from said second 
tunnel unit to said second network. 

3. A communication system according to Claim 2, 
wherein said control unit determines a tunnel, where a 
session was disconnected out of a plurality of tunnels, 
and controls said tunnel unit to shift a session in 
another tunnel to the tunnel where there is said 
disconnected session . 

4. A communication system according to Claim 3, 



wherein said first server further comprises a storage 
unit for storing an administration table for 

r — 

administrating said tunnels; and wherein said control 
unit generates said administration table, and administers 
the establishment of said tunnels and the reserving of 
said sessions according to said administration table, 
5. A communication system according to Claim 4, 

wherein said control unit detects disconnection of a 
session, registers the disconnected session in said 
administration table, searches said administration table 
for a session on ^ another tunnel movable to the tunnel 
where said session was disconnected, and transmits a 
session switchover message, including identification 
information of a searched-out session, to said second 
server, and wherein said second server, in response to 
said switchover message, moves the session on the other 
tunnel to 'the tunnel where said session was disconnected. 




In a virtual private network, a communication 



method for encapsulating packets received by a first 
communication interface and transferring encapsulated 
packets through a second communication interface, 
comprising the steps of: 

reserving a first logical path on a first 
physical communication line connected to said second 
interface; 

reserving a first session on said first logical 

path; 

reserving a second logical path on a second 
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physical communication line connected to said second 
interface; 

reserving a second session on said second 
logical path; 

monitoring a bandwidth of said first logical 

path; 

when there is some bandwidth to spare on the 
first logical path found as a result .of monitoring of 
said first logical path, reserving over again the second 
session, heretofore reserved on the second logical path, 
''"this time in the first logical path according to the 1 ^ 
degree of availability. """""^ 
7. A communication method according to Claim 6, 

wherein said step of reserving the first session on said 
first logical path comprises reading the state of use of 
the first logical path from the first storage unit where 
the state of use of the first logical path is stored; 
deciding whether or not a new session can be reserved on 
said logical path from the service condition read; when 
the decision is that a new session can be reserved, 
registering a new session to be reserved in said first 
storage unit, wherein said step of reserving the second 
session on said second logical path comprises reading the 
state of use of said second logical path from the second 
storage unit where the state of use of the second logical 
path is stored; deciding from the state of use read 
whether or not a new session can be reserved; and when 
the decision is that a new session can be reserved. 



registering a new session to be reserved in the second 
storage unit, and wherein said step of monitoring the 
bandwidth of the first logical path comprises reading the 
state of use of the first logical path from the first 
storage unit for administrating the service condition of 
said first logical path; and deciding from the state of 
use read whether or not a new session can be reserved on 
said logical path. 

8. A communicating method according to Claim 6, 
further comprising allocating a service level to said 
session, wherein said step of monitoring the bandwidth of 
the first logical path is monitoring the total of service 
level of sessions reserved on said first logical path, 
and wherein said step of reserving the session, 
heretofore reserved on said second logical path, this 
time in the first logical path further comprises 
calculating allocable service level from the sum of 
service level of said session and all service level 
allocable to said logical path, comparing the service 
level of the session reserved on said second logical path 
with said calculated service level, and when, according 
to the result of said comparison, the service level of 
the logical path reserved on the second physical line is 
not higher than said calculated service level, reserving 
again the session, heretofore reserved on said second 
logical path, this time in said first logical path. 

9. A communication method according to Claim 1, 
said step of reserving again the session, heretofore 



reserved on said second logical path, this time in said 
first logical path comprises reserving a new session on 
said first logical path, transferring packets, heretofore 
transmitted through the session reserved on said second 
.logical path, this time through a new session reserved on 
said first logical path, and disconnecting the session 
reserved on said second logical path. 

10. A communication method according to Claim 9, 
further comprising the steps of: 

allocating service level to said session; 
monitoring the traffic of said session; and 
when the traffic of said session does not match 

the allocated service level, adjusting the service level 

of said session to match the traffic. 

11. A communication method according to Claim 10, 
wherein said step of adjusting said service level of said 
session to match the traffic is to decrease the service 
level of said session when the traffic of said session is 
lower than a threshold value, or to increase the service 
level of said session when the traffic of said session is 
higher than the threshold value. 

A communication system for building a VPN, 
comprising: 

a first interface which connects to a user 
terminal through a communication line^ 

an authenticating unit which authenticates a 
user requesting a connection through said first 
interface; 



a tunnel unit which forms a tunnel for 
establishing a session for said authenticated user* and 
encapsulating and outputting packets, received from said 
first interface; 

a second interface which transfers packets, 
output from said tunnel unit, to another netwprk; and 

a control unit which monitors said sessions and 
controlling said tunnel unit^ to reserve sessions in a 
fewer tunnels . 

13. A communication system according to Claim 12, 
wherein said control unit controls said tunnel unit to 
determine a tunnel where a session was disconnected, out 
of a plurality of tunnels and move a session on another 
tunnel to the tunnel where the session was disconnected. 

14. A communication system according to Claim 13, 
further comprising a storage unit for storing an 
administration table to administer said tunnel, wherein 
said control unit generates said administration table and 
administers the establishment of said tunnel and the 
reservation of said session according to said 
administration table . 

15. A communication system according to Claim 14, 
wherein said control unit detects the disconnection of a 
session, registers the disconnected session in said 
administration table, searches said administration table 
for a session on another tunnel likely to be able to be 
shift to the tunnel where said session was disconnected, 
generates a session switchover message, including 
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identification information about the searched-out 
session, and transmits said message from said second 
interface . 

A computer-readable recording medium for 
storing a program instructing a computer to execute steps 
in a communication method for encapsulating packets 
received from a first communication interface and 
transferring encapsulated packets through a second 
communication interface, said steps comprising: 

reserving a first logical path on a first 
physical line connected to said second interface; 

reserving a first session on said first logical 

path; 

reserving a second logical path on a second 
physical path connected to said second interface; 

reserving a second session on said second 
logical path; 

monitoring the bandwidth of said first logical 

path; 

when a bandwidth to spare is found on said 
first logical path as the result of monitoring said first 
logical path, reserving said second session, heretofore 
reserved on said logical path, t his time on said secon d 
logical path according to the degree o f room in th6 
ba ndwidth . 

1^. A method for providing a communication path for 

the user, comprising the steps of: 

deciding whether or not /the user is under a 
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contract for supplementary service; / 

when the user is under a contract for 
supplementary service, reserving on a private line a 
communication path of another user having a common 
charge-paying bank account with said user; 

when the user is under a contract for 
supplementary service, requesting the payment of a 
communication fee of said user and a contract fee under a 
contract for said supplementary service paid in writing 
or by e-mail; and / 

having said communication fee and said contract 
fee paid from said bank account for payment. 

18. A method for providing a communication path 
according to Claiml7, further comprising the steps of: 

inputting the contents of a contract with said 
user; / 

generating a contract contents table holding 
contents of said contract based on the input contents of 
said contract; and / 

deciding wheyher or not said user has entered 
into a contract for supplementary service based on said 
contract contents tatrle. 

19. A method yor providing a communication path 
according to Claim /l8, further comprising the steps of: 

charging as said contract fee a fixed fee or a 
meter-rate decided according to the amount of use when a 
communication path of another user having a common 
charge-paying bank account with said user was reserved on 
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a private line; and JI 

calculating a claimed sum by/totaling 
communication fees of a plurality of/users having said 
charge-paying bank account in common at every fixed 
period, and having said claimed /sum paid from said bank 
account . / 
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